SUSE-CU-2022:238-1: Security update of trento/trento-runner
sle-updates at lists.suse.com
Tue Mar 1 07:51:48 UTC 2022
SUSE Container Update Advisory: trento/trento-runner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:238-1
Container Tags : trento/trento-runner:0.9.0 , trento/trento-runner:0.9.0-rev1.1.0 , trento/trento-runner:0.9.0-rev1.1.0-build3.2.14 , trento/trento-runner:latest
Container Release : 3.2.14
Severity : important
Type : security
References : 1194968 1195054 1195217 CVE-2022-23852 CVE-2022-23990
-----------------------------------------------------------------
The container trento/trento-runner was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:471-1
Released: Thu Feb 17 09:58:37 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: important
References:
This update for trento-premium fixes the following issues:
- Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released: Fri Feb 18 10:46:56 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released: Fri Feb 18 12:45:19 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1194968
This update for rpm fixes the following issues:
- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:579-1
Released: Mon Feb 28 11:12:24 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: moderate
References:
This update for trento-premium fixes the following issues:
Release 0.9.0
### Added
- Pin specific container image versions in the helm chart values
- review values for SUSE infrastructure
- Add health summary api endpoint
- Homepage UI component
- Embed cpu and memory usage dashboards in host detail
- Sap system health computation
- Attach system replication status badge on secondary node
- Add remediation command to the corosync token timeouts checks
- Add node exporter state in the frontend
- Add prometheus grafana to helm chart
- Prometheus HTTP service discovery API
- Adds feedback collector
- Add connection retry when starting Web and Runner
### Fixed
- Web serve command not stopped correctly during database initialization tries
- Links in compressed sidebar don't work
- CD process doesn't clean up old node module tgz files
- Aligns Overview
- Use context correctly during db initialization
- Compute attached database health
- Fix dump scenario script clean-up command
- Push catalog info after the checks
- Show all sbd devices
- Do not make assumptions about the shape of the payload of checks catalog
- Remove mention of Blue Horizon from landing page
- Links in compressed sidebar are working again
### Closed Issues
- Checks catalog empty
- Settings button missing in Pacemaker Clusters details view
### Other Changes
- Enable Grafana persistence
- Fix health summary api
- Fix grafana secret
- Fix grafana embedding
- Implement cluster health computation projection
- refresh zypper repo before installing node exporter
- Add Grafana initialization
- Run prometheus installation as root
- Do not add bitnami charts repo from the installer if it's not needed
- Fix dependabot auto-merge workflow
- Change trento path in the Dockerfile
- Allows Grafana dashboards to be embedded
- Add hana cluster details e2e test
- E2e test cluster overview
- Switch to the SLE BCI images
The following package changes have been done:
- libexpat1-2.2.5-3.12.1 updated
- trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated
- python3-rpm-4.14.3-150300.46.1 updated